Friday, April 24, 2026

The Grammar of Injection Attacks


I'm presenting a talk at the Null OWASP Bengaluru Meetup on 25th April 2026.  It is a talk that focuses on the foundations of injections in web applications.  I wish I had had a senior or mentor who would have walked me through this in the early days of my career.  However, Rahul Verma's workshop on web security helped me build this perspective -- I take this opportunity to thank him and express my gratitude.


It's Just Data... Until It Isn't: The Grammar of Injection Attacks

In modern web applications, user input is everywhere -- search boxes, login forms, URLs, and APIs.  Most of the time, it is treated as harmless data.  But what happens when the data is interpreted as code?

This talk introduces a fundamental yet often overlooked concept behind vulnerabilities like HTML injection, SQL injection and Cross-Site Scripting (XSS): grammar and context.

Instead of focusing on memorizing payloads, we will explore how browsers, databases, and interpreters parse input, and then how attackers exploit those parsing rules to break out of the intended context.  Through simple, real-world examples, we will walk step by step through how an attacker reads the structure of a target, identifies injection points, and crafts payloads that turn data into execution.

By the end of this session, you will have a strong mental model to:

  • Understand where and why injection vulnerabilities occur
  • Analyze how input is interpreted across HTML, JavaScript, and SQL contexts
  • Think like an attacker and defend like an engineer

This talk is designed for beginners in security, testing or development who want to build a solid foundation in web vulnerabilities without getting lost in complexity.
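The "grammar and context" idea in the abstract, and the HTML / JavaScript / SQL contexts named in the list above, can be made concrete in code.  The following Node.js script is an added example written for this post; it is not code from the talk.  It embeds one user-supplied value in four contexts (HTML text, an HTML attribute, a JavaScript string inside a script element, and a SQL string literal), runs a small tokenizer written for each grammar over the result, and declares the value "still data" only if the token structure is unchanged from a harmless rendering.  Context names, templates and the three payloads are constructed for illustration, and the SQL escaping is shown only to make the grammar point; parameterized queries remain the actual fix.

```javascript
// Added example, not code from the talk: the same input dropped into four
// contexts, each checked by a small tokenizer for that context's grammar.
// Context names, templates and payloads are constructed for illustration.

// HTML: '<' + letter, '/' or '!' opens a tag; each attribute is one token and
// quoted values are skipped.  Returns the token kinds in order.
function tokenizeHtml(s) {
  const kinds = [];
  const tagStart = j => s[j] === "<" && /[A-Za-z\/!]/.test(s[j + 1] || "");
  let i = 0;
  while (i < s.length) {
    let j = i + 1;
    if (!tagStart(i)) {                                  // text run
      while (j < s.length && !tagStart(j)) j++;
      kinds.push("text");
    } else {
      while (j < s.length && !/[\s>]/.test(s[j])) j++;   // tag name
      kinds.push("tag");
      while (j < s.length && s[j] !== ">") {             // attributes
        if (/\s/.test(s[j])) { j++; continue; }
        while (j < s.length && !/[\s>]/.test(s[j])) {    // name[=value]
          if (s[j] === "=" && /["']/.test(s[j + 1] || "")) {
            const close = s.indexOf(s[j + 1], j + 2);    // skip quoted value
            j = close === -1 ? s.length : close + 1;
            break;
          }
          j++;
        }
        kinds.push("attr");
      }
      j++;                                               // consume '>'
    }
    i = j;
  }
  return kinds;
}

// Quoted-literal grammar shared by JS strings (backslash escapes) and SQL
// literals (a doubled quote is an escaped quote).  Returns the token kinds.
function tokenizeQuoted(s, quote, doubledEscape) {
  const kinds = [];
  let i = 0;
  while (i < s.length) {
    let j = i + 1;
    if (s[i] !== quote) {                                // code run
      while (j < s.length && s[j] !== quote) j++;
      kinds.push("code");
    } else {                                             // quoted literal
      while (j < s.length) {
        if (!doubledEscape && s[j] === "\\") { j += 2; continue; }
        if (s[j] === quote && !(doubledEscape && s[j + 1] === quote)) break;
        j += s[j] === quote ? 2 : 1;
      }
      kinds.push("string");
      j++;                                               // closing quote
    }
    i = j;
  }
  return kinds;
}

// Per context: how the value is embedded, which grammar parses the result,
// and the encoding that keeps the value inside one data token.
const CONTEXTS = {
  htmlText: {
    template: v => `<p>Search results for: ${v}</p>`,
    tokenize: tokenizeHtml,
    encode: v => v.replace(/&/g, "&amp;").replace(/</g, "&lt;").replace(/>/g, "&gt;"),
  },
  htmlAttr: {
    template: v => `<input name="q" value="${v}">`,
    tokenize: tokenizeHtml,
    encode: v => CONTEXTS.htmlText.encode(v).replace(/"/g, "&quot;").replace(/'/g, "&#39;"),
  },
  jsString: {   // nested: the JS string sits inside an HTML <script> element
    template: v => `<script>var q = "${v}";</script>`,
    tokenize: s => tokenizeHtml(s).concat(tokenizeQuoted(s, '"', false)),
    encode: v => JSON.stringify(v).slice(1, -1).replace(/</g, "\\u003c"),
  },
  sqlLiteral: { // escaping shown for the grammar point only; use parameters
    template: v => `SELECT id FROM users WHERE name = '${v}'`,
    tokenize: s => tokenizeQuoted(s, "'", true),
    encode: v => v.replace(/'/g, "''"),
  },
};

// The value stayed data iff the rendered output has the same token structure
// as the template rendered with a harmless value.
function rendersAsData(ctx, value) {
  const expected = ctx.tokenize(ctx.template("x")).join(" ");
  return ctx.tokenize(ctx.template(value)).join(" ") === expected;
}

// For one payload, per context: did it stay data raw, and after encoding?
function analyze(payload) {
  const report = {};
  for (const [name, ctx] of Object.entries(CONTEXTS))
    report[name] = { raw: rendersAsData(ctx, payload), encoded: rendersAsData(ctx, ctx.encode(payload)) };
  return report;
}

const PAYLOADS = { // constructed sample inputs, one aimed at each grammar
  html: '"><script>alert(1)</script>', js: '"; alert(1); //', sql: "' OR '1'='1",
};

for (const [label, p] of Object.entries(PAYLOADS)) console.log(label, analyze(p));
```

Run with `node`.  Each payload breaks out of exactly the context whose grammar it targets and is inert elsewhere: the SQL payload is harmless HTML and a harmless JS string, the JavaScript payload survives HTML text but breaks both the attribute and the JS string (a `"` closes either), and the HTML payload breaks every HTML-containing context but is plain data inside a SQL literal.  The fix is likewise per context: encoding for the grammar the value lands in, applied at the point of embedding, not a single generic "sanitize".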

Prerequisite:  An open mind, and a willingness to ask and discuss every question rather than leaving it unasked.



null and OWASP Bengaluru Meetup - 25th April 2026



